International PHP Conference Berlin 2021

Backward incompatible changes

Although most existing PHP 5 code should work without changes, please take note of some backward incompatible changes:

Array keys won't be overwritten when defining an array as a property of a class via an array literal

Previously, arrays declared as class properties which mixed explicit and implicit keys could have array elements silently overwritten if an explicit key was the same as a sequential implicit key. For example:

class {
ONE 1;
$array = [
self::ONE => 'foo',

var_dump((new C)->array);

Exemplul de mai sus va afișa în PHP 5.5:

array(2) {
  string(3) "bar"
  string(4) "quux"

Exemplul de mai sus va afișa în PHP 5.6:

array(3) {
  string(3) "foo"
  string(3) "bar"
  string(4) "quux"

json_decode() strictness

json_decode() now rejects non-lowercase variants of the JSON literals true, false and null at all times, as per the JSON specification, and sets json_last_error() accordingly. Previously, inputs to json_decode() that consisted solely of one of these values in upper or mixed case were accepted.

This change will only affect cases where invalid JSON was being passed to json_decode(): valid JSON input is unaffected and will continue to be parsed normally.

Stream wrappers now verify peer certificates and host names by default when using SSL/TLS

Toate torentele-client criptate oferă acum implicit verificarea corespondentului. Implicit aceasta va utiliza setul implicit de CA al OpenSSL pentru a verifica certificatul corespondentului. În majoritatea cazurilor nu va fi nevoie de careva schimbări pentru a comunica cu servere cu certificate SSL valide, deoarece distribuitorii de obicei configurează OpenSSL să utilizeze seturi valide de CA bine cunoscute.

Setul implicit de CA poate fi înlocuit global stabilind opțiunile de configurare openssl.cafile sau openssl.capath, sau la nivelul interpelării utilizând opțiunile de context cafile sau capath.

Cu toate că nu este recomandabil la general, este posibil de a dezactiva verificarea certificatului corespondentului pentru o interpelare stabilind opțiunea de context verify_peer în false, și de a dezactiva validarea numelui corespondentului stabilind opțiunea de context verify_peer_name în false.

GMP resources are now objects

GMP resources are now objects. The functional API implemented in the GMP extension has not changed, and code should run unmodified unless it checks explicitly for a resource using is_resource() or similar.

Mcrypt functions now require valid keys and IVs

mcrypt_encrypt(), mcrypt_decrypt(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ecb(), mcrypt_generic() and mcrypt_ofb() will no longer accept keys or IVs with incorrect sizes, and block cipher modes that require IVs will now fail if an IV isn't provided.

cURL file uploads

Uploads using the @file syntax now require CURLOPT_SAFE_UPLOAD to be set to false. CURLFile should be used instead.

add a note add a note

User Contributed Notes 1 note

3 years ago
Another breaking change involves opening the special "php://input" stream for decompression. In PHP 5.5, the following code would allow PHP to decode a gzip'd request input stream:

// Open the input stream for requests with Content-Encoding: gzip.
$input = gzopen('php://input','r');
// This has the same effect as fopen('compress.zlib://php://input','r').

// Get the decompressed request body.

However in PHP 5.6 this does not work. Instead PHP gives the following warning: gzopen(): cannot represent a stream of type Input as a File Descriptor.

It is unclear whether this is a bug or intentional, backward-incompatible change.
To Top